Fixed vs. Variable-length patterns for detecting suspicious process behavior

Hervé Debar, Marc Dacier, Mehdi Nassehi, Andreas Wespi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Citations (Scopus)

Abstract

This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PublisherSpringer Verlag
Pages1-15
Number of pages15
Volume1485
ISBN (Print)3540650040, 9783540650041
DOIs
Publication statusPublished - 1998
Externally publishedYes
Event5th European Symposium on Research in Computer Security, ESORICS 1998 - Louvain-la-Neuve, Belgium
Duration: 16 Sep 199818 Sep 1998

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume1485
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other5th European Symposium on Research in Computer Security, ESORICS 1998
CountryBelgium
CityLouvain-la-Neuve
Period16/9/9818/9/98

    Fingerprint

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Debar, H., Dacier, M., Nassehi, M., & Wespi, A. (1998). Fixed vs. Variable-length patterns for detecting suspicious process behavior. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1485, pp. 1-15). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1485). Springer Verlag. https://doi.org/10.1007/BFb0055852